From owner-freebsd-questions@FreeBSD.ORG Sun Jan 26 21:22:03 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3015190F for ; Sun, 26 Jan 2014 21:22:03 +0000 (UTC) Received: from bs1.fjl.org.uk (bs1.fjl.org.uk [84.45.41.196]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 93D551CCD for ; Sun, 26 Jan 2014 21:22:01 +0000 (UTC) Received: from [192.168.1.35] (host86-163-127-175.range86-163.btcentralplus.com [86.163.127.175]) (authenticated bits=0) by bs1.fjl.org.uk (8.14.4/8.14.4) with ESMTP id s0QLLpVd056859 (version=TLSv1/SSLv3 cipher=DHE-DSS-CAMELLIA256-SHA bits=256 verify=NO) for ; Sun, 26 Jan 2014 21:21:52 GMT (envelope-from frank2@fjl.co.uk) Message-ID: <52E57C72.3070001@fjl.co.uk> Date: Sun, 26 Jan 2014 21:21:54 +0000 From: Frank Leonhardt User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: Re: Why was nslookup removed from FreeBSD 10? References: <52E40CC4.6090401@fjl.co.uk> <201401252137.50132.mark.tinka@seacom.mu> <52E41619.1000505@fjl.co.uk> <52E55257.6030901@gmail.com> In-Reply-To: <52E55257.6030901@gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.17 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Jan 2014 21:22:03 -0000 On 26/01/2014 18:22, David Demelier wrote: > On 25/01/2014 20:52, Frank Leonhardt wrote: >> On 25/01/2014 19:37, Mark Tinka wrote: >>> On Saturday, January 25, 2014 09:13:08 PM Frank Leonhardt >>> wrote: >>> >>>> Unbelievable, but true - someone somewhere thought that >>>> removing nslookup from the base system was the way to >>>> go. >>>> >>>> Why? Can anyone shed any light on how this decision was >>>> made? >>> If you read: >>> >>> http://www.freebsd.org/releases/10.0R/relnotes.html >>> >>> Under the "2.3. Userland Changes" section, you will notice: >>> >>> "BIND has been removed from the base system. >>> unbound(8), which is maintained by NLnet Labs, has >>> been imported to support local DNS resolution >>> functionality with DNSSEC. Note that it is not a >>> replacement of BIND and the latest versions of BIND >>> is still available in the Ports Collection. With >>> this change, nslookup and dig are no longer a part >>> of the base system. Users should instead use >>> host(1) and drill(1) Alternatively, nslookup and >>> dig can be obtained by installing dns/bind-tools >>> port. [r255949]" >>> >>> So install /usr/ports/dns/bind-tools and you're a happy guy. >>> >>> As to the philosophy of it all, no point arguing. Fait >>> accompli. >>> >>> Mark. >> As you and Waitman both pointed out, nslookup IS part of BIND, yet as I >> said in the diatribe following the question in my post, so is "host" and >> that's still there. Also Windoze has nslookup but doesn't include BIND. >> I agree there's no point arguing unless you know the rational behind >> what appears an arbitrary decision; hence my question. Was this simply >> an oversight or is there a thought-out reason for it that one can take >> issue with? >> >> IIRC, nslookup was present in 4.3BSD, and I'm pretty sure it existed >> before that. (That's BSD, not FreeBSD). Its relied on in scripts. The >> reason for dropping it from the base system must be pretty spectacular. >> >> FreeBSD 10.0 might be better known as FreeBSD Vista, at this rate. >> >> Regards, Frank. >> > Please don't piss off, there was thousands of reasons for removing BIND > from base. It generates at least 5 security advisories by year. FreeBSD > has a great feature called "ports" / "packages". Of course it's always > great to have a fully functional system just after an installation. But > can you seriously use a FreeBSD fresh install? I think you need to > install a bunch of packages before :-). > > So just a pkg install bind-tools is not so hard, isn't it? > > Regards, > > David. All this is may be true, but I was asking about nslookup, specifically not BIND (as I pointed out in the original question). If you read most of this thread, people just want to talk about BIND and as a result I can see why you'd think this was the agenda when it wasn't. I'm having a few interesting off-list discussions about the merits or otherwise of BIND and where BIND10 is going, but that's not a question (feel free to join in by email). So, to get back to the question, the problem is that nslookup is missing from base. Why? Yes, it was part of BIND, but it needn't be as it uses its own resolver (which is one of its long-running criticisms, but in this case it's a strength). Dig and host were also part of BIND. BIND's dig has been replaced in ldns by the semi-compatible "drill". BIND's host has been replaced on FreeBSD 10.0 by an ldns re-write. BIND's nslookup, the oldest utility of them all, the one that people use for scripting because it's been there since the beginning of time (nearly), the one that's available (out-of-the-box) on every platform including Microsoft - is suddenly GONE! If someone's not involved in server-type stuff and don't use shell scripts the significance of this may be less hard to see, but the reason for having a base system, unlike the disparate Linux distributions where nothing can be taken for granted, is that you can take a script written in 1986 that has limited itself to base-system utilities and it will STILL RUN in 2014. So did this happen because someone decided that there was no need to have a DNS server in base when all that was needed was a caching resolver, and the nslookup utility was simply overlooked. Or did someone decide that nslookup was a problem and dropped it. Or is it on someone's To Do list and got missed off that way?